Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xbKWvthMRS-9cJ73nwom3rUUofo.roa
File:                     xbKWvthMRS-9cJ73nwom3rUUofo.roa (raw, json)
Hash identifier:          Ub55n8zhv56mufxBQzkeKlyIOoEFCpuXGYRKzt6Mx24=
Subject key identifier:   C5:B2:96:BE:D8:4C:45:2F:BD:70:9E:F7:9F:0A:26:DE:B5:14:A1:FA
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0196F8B37E45DABE0C9F94EC946EF2F99E64
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xbKWvthMRS-9cJ73nwom3rUUofo.roa
Signing time:             Thu 22 May 2025 15:53:54 +0000
ROA not before:           Thu 22 May 2025 15:53:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        178.22.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:b3:7e:45:da:be:0c:9f:94:ec:94:6e:f2:f9:9e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: May 22 15:53:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5b296bed84c452fbd709ef79f0a26deb514a1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c8:90:6e:7e:3c:fa:cf:74:cb:86:53:04:0a:
                    53:c5:3c:56:aa:9e:34:d9:22:80:fe:8b:a6:4f:75:
                    55:49:dc:62:19:c8:25:57:b4:a5:11:f4:68:c2:c6:
                    31:f0:f9:6a:d3:4d:30:35:89:67:c1:84:f3:24:8a:
                    ae:c9:36:47:c9:9c:af:4f:3b:35:5c:3b:eb:c3:2c:
                    87:ef:f9:4a:be:3e:a5:cd:3c:3d:c5:e6:30:77:e3:
                    a1:6e:95:f3:be:f0:0b:90:3f:44:e6:2b:68:fa:2f:
                    d3:59:26:b3:02:ec:f6:d1:89:91:dd:f1:17:a0:82:
                    ae:9d:16:eb:81:fa:7d:1d:98:52:17:bb:91:56:58:
                    27:80:16:92:ee:2b:d4:f1:3e:54:d6:67:96:22:f4:
                    7d:9d:24:0a:af:04:a1:bd:3b:a1:ae:00:7a:2f:f5:
                    2a:9b:64:02:59:0a:3c:69:b1:11:95:91:ae:e1:a8:
                    65:45:bc:da:6e:fc:16:f0:44:c8:35:fa:43:62:df:
                    4b:98:92:fb:d4:d3:0b:1a:99:b2:b6:63:bb:f0:22:
                    80:cc:48:ae:ba:f3:96:ab:17:4d:23:84:b7:fa:69:
                    b4:ed:61:76:cf:a8:66:ae:80:90:99:51:b1:e1:1a:
                    f8:7a:e2:db:70:37:f2:4c:8d:79:8f:49:bc:d2:4d:
                    3c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B2:96:BE:D8:4C:45:2F:BD:70:9E:F7:9F:0A:26:DE:B5:14:A1:FA
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xbKWvthMRS-9cJ73nwom3rUUofo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f2:05:43:f3:24:cc:db:85:d4:38:60:db:b1:d6:51:3b:2d:
         d4:92:f5:f5:71:43:96:fb:a4:ed:7a:eb:41:7e:4f:12:a2:e6:
         37:ec:97:4f:4a:d9:05:8f:2c:58:4d:73:b8:56:f3:e4:89:f6:
         c6:29:a6:4f:c6:05:c2:a6:9f:17:a1:5f:62:a0:1a:f1:be:17:
         3c:4d:1c:b5:89:34:a3:61:d5:5b:a1:a2:d7:06:87:8a:f6:85:
         25:b1:0b:e3:5d:87:13:70:93:6f:c4:b6:bb:50:77:2c:1d:32:
         d9:51:76:6e:bb:5b:30:e8:41:fd:28:cb:c4:ba:5f:68:07:22:
         57:10:28:dd:e1:35:48:54:23:2e:e8:04:e9:7d:26:27:3f:94:
         cf:47:b1:aa:80:94:e2:cd:27:25:4f:2c:4e:b0:9a:b6:05:15:
         98:13:20:0c:5d:7f:a4:a8:41:c6:7f:fd:43:fb:a6:33:8b:92:
         f4:c8:ca:dd:fc:0e:2b:48:b8:db:87:95:4d:1e:1e:7c:58:bf:
         85:c7:90:09:0a:45:a7:04:d5:65:d6:9f:bc:00:4e:01:10:3e:
         c5:88:65:f9:24:57:89:ba:b5:f9:09:f9:c4:ed:1f:77:2a:aa:
         2d:f2:94:e6:75:b6:67:54:c8:dc:d1:60:37:c8:5a:33:5f:04:
         e0:e6:e0:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4s35F2r4Mn5TslG7y+Z5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNTIyMTU1MzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIyOTZiZWQ4NGM0NTJmYmQ3MDllZjc5ZjBhMjZkZWI1MTRhMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlciQbn48+s90y4ZTBApTxTxWqp40
2SKA/oumT3VVSdxiGcglV7SlEfRowsYx8Plq000wNYlnwYTzJIquyTZHyZyvTzs1
XDvrwyyH7/lKvj6lzTw9xeYwd+OhbpXzvvALkD9E5ito+i/TWSazAuz20YmR3fEX
oIKunRbrgfp9HZhSF7uRVlgngBaS7ivU8T5U1meWIvR9nSQKrwShvTuhrgB6L/Uq
m2QCWQo8abERlZGu4ahlRbzabvwW8ETINfpDYt9LmJL71NMLGpmytmO78CKAzEiu
uvOWqxdNI4S3+mm07WF2z6hmroCQmVGx4Rr4euLbcDfyTI15j0m80k08/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWylr7YTEUvvXCe958KJt61FKH6MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEveGJLV3Z0aE1SUy05Y0o3M253b20zclVVb2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshYaMA0G
CSqGSIb3DQEBCwUAA4IBAQCW8gVD8yTM24XUOGDbsdZROy3UkvX1cUOW+6TteutB
fk8SouY37JdPStkFjyxYTXO4VvPkifbGKaZPxgXCpp8XoV9ioBrxvhc8TRy1iTSj
YdVboaLXBoeK9oUlsQvjXYcTcJNvxLa7UHcsHTLZUXZuu1sw6EH9KMvEul9oByJX
ECjd4TVIVCMu6ATpfSYnP5TPR7GqgJTizSclTyxOsJq2BRWYEyAMXX+kqEHGf/1D
+6Yzi5L0yMrd/A4rSLjbh5VNHh58WL+Fx5AJCkWnBNVl1p+8AE4BED7FiGX5JFeJ
urX5CfnE7R93Kqot8pTmdbZnVMjc0WA3yFozXwTg5uDA
-----END CERTIFICATE-----